package sunyu.controller.shiro;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import sunyu.config.Constant;
import sunyu.controller.CommonController;
import sunyu.pojo.shiro.Principal;
import sunyu.toolkit.core.CodecKit;
import sunyu.toolkit.core.LogKit;


@Controller
@RequestMapping("/shiro")
public class ShiroController extends CommonController {

    private static final Logger logger = LogKit.getLogger();

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginPage() {
        return "/template/shiro/login";
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(String name, String pwd, Model model) {
        String msg = null;
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(name, CodecKit.md5Hex(pwd));
        try {
            subject.login(token);
            if (subject.isAuthenticated()) {
                return "redirect:/shiro/main";
            }
        } catch (IncorrectCredentialsException e) {
            msg = "[" + token.getPrincipal() + "]登录密码错误！";
        } catch (ExcessiveAttemptsException e) {
            msg = "登录失败次数过多！";
        } catch (LockedAccountException e) {
            msg = "[" + token.getPrincipal() + "]帐号已被锁定！";
        } catch (DisabledAccountException e) {
            msg = "[" + token.getPrincipal() + "]帐号已被禁用！";
        } catch (ExpiredCredentialsException e) {
            msg = "[" + token.getPrincipal() + "]帐号已过期！";
        } catch (UnknownAccountException e) {
            msg = "[" + token.getPrincipal() + "]帐号不存在！";
        } catch (UnauthorizedException e) {
            msg = "您没有得到相应的授权！[" + e.getMessage() + "]";
        }
        model.addAttribute(Constant.errMsg, msg);
        model.addAttribute("loginName", name);
        model.addAttribute("loginPwd", pwd);
        logger.error(msg);
        return "/template/shiro/login";
    }

    @RequestMapping(value = "/logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/shiro/login";
    }

    @RequestMapping(value = "/unauthorized", method = RequestMethod.GET)
    public String unauthorizedPage() {
        return "/template/shiro/unauthorized";
    }

    @RequestMapping(value = "/noLogin", method = RequestMethod.GET)
    public String noLoginPage() {
        return "/template/shiro/noLogin";
    }

    @RequestMapping(value = "/main", method = RequestMethod.GET)
    public String main() {
        return "/template/shiro/main";
    }

    @RequestMapping("/principal")
    @ResponseBody
    public Principal getPrincipal() {
        Subject subject = SecurityUtils.getSubject();
        return (Principal) subject.getPrincipal();
    }

}
